AnyConnect 4 – Plus and Apex Licensing Explained
May11

AnyConnect 4 – Plus and Apex Licensing Explained

Posted By on May 11, 2021

KB ID 0001013  Problem (Updated 11/05/21) Before version 4 we simply had AnyConnect Essentials and Premium licensing, now we have Plus and Apex licensing. AnyConnect Plus and Apex There are in fact three licensing options; Cisco AnyConnect Plus Subscription Licenses Cisco AnyConnect Plus Perpetual Licenses Cisco AnyConnect Apex Subscription Licenses NEW VPN Only perpetual Licences Plus and Apex Contain; AnyConnect PLUS (Cisco pitch...

Read More
Cisco Catalyst 9200 / 9300 DNA Licensing
May06

Cisco Catalyst 9200 / 9300 DNA Licensing

Posted By on May 6, 2021

KB ID 0001750 Problem I get asked this at least once a month, “What’s the score with this DNA Licensing?” It took long enough for everyone to get used to Lan Base, IP Base, and IP Services! The cynic in me would say, Cisco have learned from Meraki that selling subscription licences is much better than selling products that you don’t get any recurring revenue from. But I’ll try an give you the short answer...

Read More
macOS – SSH Error ‘No Matching Exchange Method Found’
Mar24

macOS – SSH Error ‘No Matching Exchange Method Found’

Posted By on Mar 24, 2021

KB ID 0001245  Problem Note Certified working all the way up to macOS Big Sur version 11.2.3 I thought my RoyalTSX had broken today, I upgraded it a couple of weeks ago, and I upgraded to macOS Catalina 10.15 the other day. After this, all my SSH sessions refused to connect with this error;   Unable to negotiate with x.x.x.x port 22: no matching key exchange found. Their offer diffie-hellman-group1-sha1 Note: You may also see the...

Read More
Replacing Cisco Firewalls with Fortinet Firewalls
Mar22

Replacing Cisco Firewalls with Fortinet Firewalls

Posted By on Mar 22, 2021

KB ID 0001741 Replacing Cisco If you’ve been following articles on the site you will know that the focus of the firewall related output is shifting from Cisco ASA / Cisco FirePOWER to Fortinet (FortiGate) firewalls. This article is so you can make an informed choice about what you want to replace your Cisco firewall with. Note: I’m starting with SOHO and Business sized firewalls but I will extend this to ‘Enterprise...

Read More
Cisco ASA to Fortigate VPN (Properly!)
Dec14

Cisco ASA to Fortigate VPN (Properly!)

Posted By on Dec 14, 2020

KB ID 0001721 Problem A while ago I did a run through on site to site VPNs from Cisco ASA to Fortigate firewalls. Back then I said that the default settings were a bit ‘shoddy’ and that I’d revisit it once I had more time. What do you mean shoddy? Well, Cisco and Fortinet are both guilty of enabling ‘Everything’ to make the tunnel come up, so people can just use a wizard and not put to much thought into...

Read More
Cisco ASA: Received a DELETE PFKey message from IKE
Dec11

Cisco ASA: Received a DELETE PFKey message from IKE

Posted By on Dec 11, 2020

KB ID 0001720 Problem I was debugging a VPN tunnel today. (From a Fortigate to a Cisco ASAv). I was messing around with the encryption and hashing, when the tunnel fell over. Phase 1 was establishing fine but not Phase 2 (IPSEC).  I’ve got better skills on the ASA, so that’s where I was debugging; IPSEC: Received a PFKey message from IKE IPSEC: Parsing PFKey GETSPI message IPSEC: Creating IPsec SA IPSEC: Getting the...

Read More